From c57b8bb7b35d8515a0412c6534fb420ab4e3e092 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 3 Sep 2009 10:36:02 +0000
Subject: [PATCH] Move the code to dup2 the script fds to low numbered
 descriptors into script_duplow() and fix the fd sorting.

---
 script.c | 26 ++++++++++++++++++++++++--
 sudo.c   | 12 ++----------
 sudo.h   |  1 +
 3 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/script.c b/script.c
index 0ec626fcf..a2e8d7541 100644
--- a/script.c
+++ b/script.c
@@ -103,7 +103,10 @@ fdcompar(v1, v2)
     const void *v1;
     const void *v2;
 {
-    return(*(int *)v1 - *(int *)v2);
+    int i = *(int *)v1;
+    int j = *(int *)v2;
+
+    return(script_fds[i] - script_fds[j]);
 }
 
 void
@@ -254,9 +257,28 @@ script_setup()
     script_fds[SFD_TIMING] = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
     if (script_fds[SFD_TIMING] == -1)
 	log_error(USE_ERRNO, "Can't create %s", pathbuf);
+}
+
+int
+script_duplow(fd)
+    int fd;
+{
+    int i, j, indices[5];
 
     /* sort fds so we can dup them safely */
-    qsort(script_fds, 5, sizeof(int), fdcompar);
+    for (i = 0; i < 5; i++)
+	indices[i] = i;
+    qsort(indices, 5, sizeof(int), fdcompar);
+
+    /* Move pty master/slave and session fds to low numbered fds. */
+    if (def_script) {
+	for (i = 0; i < 5; i++) {
+	    j = indices[i];
+	    dup2(script_fds[j], fd);
+	    script_fds[j] = fd++;
+	}
+    }
+    return(fd);
 }
 
 int
diff --git a/sudo.c b/sudo.c
index e6e20dea5..3cc7cc44b 100644
--- a/sudo.c
+++ b/sudo.c
@@ -147,7 +147,6 @@ uid_t timestamp_uid;
 extern int errorlineno;
 extern int parse_error;
 extern char *errorfile;
-extern int script_fds[5];
 #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
 static struct rlimit corelimit;
 #endif /* RLIMIT_CORE && !SUDO_DEVEL */
@@ -463,7 +462,7 @@ main(argc, argv, envp)
 
 	/* Get next session ID so we can log it. */
 	if (def_script)
-	    script_nextid();
+	    script_nextid(); /* XXX - only if we will run a command */
 
 	log_allowed(validated);
 	if (ISSET(sudo_mode, MODE_CHECK))
@@ -550,14 +549,7 @@ main(argc, argv, envp)
 	sudo_endgrent();
 
 	/* Move pty master/slave to low numbered fd and close the rest. */
-	fd = def_closefrom;
-	if (def_script) {
-	    int i;
-	    for (i = 0; i < 5; i++) {
-		dup2(script_fds[i], fd);
-		script_fds[i] = fd++;
-	    }
-	}
+	fd = def_script ? script_duplow(def_closefrom) : def_closefrom;
 	closefrom(fd);
 
 #ifndef PROFILING
diff --git a/sudo.h b/sudo.h
index 34b9e663d..86e04a89b 100644
--- a/sudo.h
+++ b/sudo.h
@@ -325,6 +325,7 @@ void selinux_exec __P((char *, char *, char **, int));
 #ifdef HAVE_GETUSERATTR
 void aix_setlimits __P((char *));
 #endif
+int script_duplow __P((int));
 int script_execv __P((const char *, char * const *));
 void script_nextid __P((void));
 void script_setup __P((void));
-- 
2.40.0